Switchvox - What do I do if my Digium phones will not register over VPN between two Sonicwalls?

Fragmented packets are completely normal at the beginning of the provisioning stage for Digium phones.
The phone will send a MESSAGE packet that is above the standard MTU of 1500 bytes.
This is fragmented by networking equipment (as expected) and is part of the negotiation to see how large packets should be going forward.

If you are having trouble with remote Digium phones registering over a VPN between two Sonicwalls, do the following:

  1. Run a packet capture and try to register one of the phones (see "How to run a packet capture").

  2. When the phone times out, stop the packet capture.

  3. Open the capture in Wireshark and filter by the IP address of the phone using the filter: ip.addr==IPaddressOfPhone

  4. If you see fragmented packets, then MESSAGE packets, but no REGISTER packets, the network equipment is dropping packets.

On both Sonicwalls, do the following:

  1. Make sure "Allow Fragmented Packets" is enabled on both ends of the SonicWALL VPN tunnel in the access rules.

  2. Make sure "Ignore DF (Don't Fragment)" is checked/enabled.

  3. A packet capture from the Sonicwall will show registration answers being dropped because the packet was marked "Don't Fragment" but was larger than the MTU. Setting "Ignore DF" should correct the issue.
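
The step-4 check can also be scripted against a saved capture. The following Python is an added example, not Digium or SonicWALL code: it reads a classic pcap file, counts fragments and SIP MESSAGE/REGISTER packets to or from the phone, and flags packets marked "Don't Fragment" that are larger than the tunnel MTU. The addresses, the 1400-byte tunnel MTU and the sample packets are constructed assumptions; it assumes SIP over UDP on untagged Ethernet.

```python
import socket
import struct

def read_pcap(data):  # yields Ethernet frames from classic little-endian pcap bytes
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap (not pcapng)")
    pos = 24                                        # skip the global header
    while pos + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, pos + 8)[0]
        yield data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen

def diagnose(pcap_bytes, phone_ip, tunnel_mtu=1400):
    """Step-4 counts for packets to/from the phone; tunnel_mtu=1400 is an assumed value."""
    seen = {"fragments": 0, "MESSAGE": 0, "REGISTER": 0, "df_oversize": 0}
    phone = socket.inet_aton(phone_ip)
    for frame in read_pcap(pcap_bytes):
        ip = frame[14:]
        if len(ip) < 20 or frame[12:14] != b"\x08\x00" or phone not in (ip[12:16], ip[16:20]):
            continue                                # not IPv4 on Ethernet, or another host
        total_len, _, flags_frag = struct.unpack_from("!HHH", ip, 2)
        if flags_frag & 0x3FFF:                     # MF set or non-zero fragment offset
            seen["fragments"] += 1
        if flags_frag & 0x4000 and total_len > tunnel_mtu:  # DF set, too big for tunnel
            seen["df_oversize"] += 1
        if ip[9] == 17 and not flags_frag & 0x1FFF: # UDP, first or only fragment
            payload = ip[(ip[0] & 0x0F) * 4 + 8:]   # skip IP header and 8-byte UDP header
            for method in ("MESSAGE", "REGISTER"):
                seen[method] += payload.startswith(method.encode() + b" ")
    seen["likely_drop"] = bool(seen["fragments"] and seen["MESSAGE"] and not seen["REGISTER"])
    return seen

def udp_frame(src, dst, flags_frag, payload):       # builds constructed sample packets
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 1, flags_frag, 64,
                     17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 5060, 5060, 8 + len(payload), 0)
    return b"\0" * 12 + b"\x08\x00" + ip + udp + payload

def sample_pcap(frames):                            # classic pcap, Ethernet link type
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + records

PHONE, PBX = "10.0.0.50", "10.0.1.10"               # constructed addresses
SAMPLE = sample_pcap([
    udp_frame(PHONE, PBX, 0x2000, b"MESSAGE sip:proxy@10.0.1.10 SIP/2.0\r\n" + b"x" * 1000),
    udp_frame(PHONE, PBX, 185, b"x" * 200),         # trailing fragment
    udp_frame(PBX, PHONE, 0x4000, b"SIP/2.0 200 OK\r\n" + b"x" * 1440),  # DF, 1484 bytes
])
print(diagnose(SAMPLE, PHONE))
```

To use it on a real capture, pass the file's bytes and the phone's address to diagnose() along with the actual MTU of the VPN tunnel.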

Firewall checklist and suggested Sonicwall settings can be found HERE and HERE.

 
